refactor(front-stack): introduce sys-stk-front-base and semi-stateless stack; improve coturn role docs

- Extract common HTTPS + Cloudflare + handler bootstrap into new role sys-stk-front-base
- Update sys-stk-front-proxy, web-svc-cdn, web-svc-file, web-svc-html to depend on sys-stk-front-base
- Add new sys-stk-semi-stateless role combining front-base + back-stateless
- Update web-svc-coturn to use sys-stk-semi-stateless and rewrite README/meta with detailed Coturn description
- Unify sys-util-csp-cert README heading

Ref: ChatGPT conversation https://chatgpt.com/share/68d6cea2-3570-800f-acb3-c3277317f17b

roles/web-svc-coturn/README.md

@@ -1,9 +1,46 @@
-# Coturn Server (DRAFT)
-setup an coturn server based on https://hub.docker.com/r/coturn/coturn
+# Coturn
 
-## todo
+This folder contains the role to deploy and manage a [Coturn](https://github.com/coturn/coturn) service.
 
-Needs to be implemented so that Nextcloud Talk works
+## Description
 
-## author 
-[Kevin Veen-Birkenbach](https://www.veen.world)
+[Coturn](https://github.com/coturn/coturn) is a free and open-source **TURN (Traversal Using Relays around NAT)** and **STUN (Session Traversal Utilities for NAT)** server.  
+It enables real-time communication (RTC) applications such as **WebRTC** to work reliably across NATs and firewalls.
+
+Without TURN/STUN, video calls, conferencing, and peer-to-peer connections often fail due to NAT traversal issues.  
+Coturn solves this by acting as a **relay server** and/or **discovery service** for public IP addresses.
+
+More background:  
+* Wikipedia: [Traversal Using Relays around NAT](https://en.wikipedia.org/wiki/Traversal_Using_Relays_around_NAT)  
+* Wikipedia: [Session Traversal Utilities for NAT](https://en.wikipedia.org/wiki/STUN)  
+* Official Coturn Docs: [https://github.com/coturn/coturn/wiki](https://github.com/coturn/coturn/wiki)
+
+## Overview
+
+This role deploys Coturn via Docker Compose using the `sys-stk-semi-stateless` stack.  
+It automatically configures:
+- TURN and STUN listening ports
+- Relay port ranges
+- TLS certificates (via Let’s Encrypt integration)
+- Long-term credentials and/or REST API secrets
+
+Typical use cases:
+- Nextcloud Talk
+- Jitsi
+- BigBlueButton
+- Any WebRTC-based application
+
+## Features
+
+* Stateless container deployment (no database or persistent volume required)  
+* Automatic TLS handling via `sys-stk-front-base`  
+* TURN and STUN support over TCP and UDP  
+* Configurable relay port ranges for scaling  
+* Integration into Infinito.Nexus inventory/variable system
+
+## Further Resources
+
+* Coturn Project — [https://github.com/coturn/coturn](https://github.com/coturn/coturn)  
+* Coturn Wiki — [https://github.com/coturn/coturn/wiki](https://github.com/coturn/coturn/wiki)  
+* TURN on Wikipedia — [https://en.wikipedia.org/wiki/Traversal_Using_Relays_around_NAT](https://en.wikipedia.org/wiki/Traversal_Using_Relays_around_NAT)  
+* STUN on Wikipedia — [https://en.wikipedia.org/wiki/STUN](https://en.wikipedia.org/wiki/STUN)  

roles/web-svc-coturn/meta/main.yml

@@ -1,7 +1,7 @@
 ---
 galaxy_info:
   author: "Kevin Veen-Birkenbach"
-  description: "Deploys a Coturn TURN/STUN server via Docker Compose, with automatic domain and port configuration for Nextcloud Talk."
+  description: "Deploys Coturn, a free and open-source TURN/STUN server"
   license: "Infinito.Nexus NonCommercial License"
   license_url: "https://s.infinito.nexus/license"
   company: |
@@ -12,12 +12,13 @@ galaxy_info:
     - coturn
     - turn
     - stun
+    - webrtc
     - docker
+    - stateless
+    - realtime
   repository: "https://s.infinito.nexus/code"
   issue_tracker_url: "https://s.infinito.nexus/issues"
-  documentation: "https://s.infinito.nexus/code/tree/main/roles/web-svc-coturn"
-  min_ansible_version: "2.9"
-  platforms:
-    - name: Any
-      versions:
-        - all
+  documentation: "https://github.com/coturn/coturn/wiki"
+  logo:
+    class: "webrtc"
+  run_after: []

roles/web-svc-coturn/tasks/main.yml

@@ -1,4 +1,4 @@
 ---
-- name: "For '{{ application_id }}': Load sys-stk-back-stateless"
+- name: "Load 'sys-stk-semi-stateless' for '{{ application_id }}'"
   include_role:
-    name: sys-stk-back-stateless
+    name: sys-stk-semi-stateless